38196 matches found
Denial Of Service (DoS)
weborf is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a specially crafted multiget request to a vulnerable weborf server which would then attempt to process the request, which would cause the server to crash...
Denial Of Service (DoS)
cometbft is vulnerable to Denial of service attack. The vulnerability is due to a default configuration in cometbft which may affect block times and consensus participation when fully utilized by chain participants. It is advised that chains consider their specific needs for their use case when...
Authentication Bypass
SaToken is vulnerable to authentication bypass. The vulnerability is due to a lack of validation while fetching servlet path. The attacker is able to elevate his privileges to admin through a crafted HTTP request...
Out-of-bounds Write
libstb.so is vulnerable to Out-of-bounds Write. The vulnerability is caused by the statement f->vendor[i] = get8_packet(f). The root cause is an integer overflow in the setup_malloc function in file stb/stb_vorbis.c, in which a sufficiently large value in the variable sz overflows with sz+7 and the negative...
Out-of-bounds Write
libstb.so is vulnerable to Out-of-bounds Write. The vulnerability arises because, in the start_decoder function, the maximum number of submaps allowed is 16, but submap_floor and submap_residue are declared as arrays of 15 elements. This allows an attacker to cause an out-of-bounds write in memory with a crafted...
Out-of-bounds Read
libstb.so is vulnerable to Out-of-bounds Read. The vulnerability occurs when stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that does not match the real number of components per pixel: the library attempts to flip the image vertically. An attacker can craft an image...
Out-of-bounds Read
libstb.so is vulnerable to Out-of-bounds Read. The vulnerability is due to an incorrect calculation of the two_back pointer. This allows an attacker to exploit the out-of-bounds read with a crafted image file using memcpy in stbi__gif_load_next. This potentially leads to leaking internal memory...
Weak Encryption
Crypto-es is vulnerable to Insecure Hashing Algorithm. The vulnerability is present because the library uses the cryptographically weak sha1 algorithm by default. This weakness allows an attacker to potentially forge data, certificates, or digital signatures, which could lead to unauthorized acce...
Server Side Request Forgery (SSRF)
langchain is vulnerable to Server Side Request Forgery (SSRF). The attacker can force the service to retrieve an arbitrary URL, which could lead to an information leak. The attacker can also potentially inject content into downstream tasks...
Double Free
libstb.so is vulnerable to Double Free. The vulnerability arises because the start_decoder function in the stb_vorbis.c file does not initialize the memory allocated for f->comment_list. This allows an attacker to craft a file that triggers an early return in the function, leading to setup_free being called on the...
HTTP Request Smuggling
twisted is vulnerable to HTTP Request Smuggling. The vulnerability exists because it processes requests in an asynchronous manner without ensuring the sequence of the responses, allowing an attacker to smuggle HTTP requests...
Denial Of Service Attack
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability was due to the OpenGraph functionality in the server/channels/api4/openGraph.go file of the Mattermost server. This allows an attacker to exploit this by sending numerous requests to the /api/v4/opengraph endpoint, causing...
Double Free
libstb.so is vulnerable to Double Free. The vulnerability is caused by the function stbi__load_gif_main when it returns a null value and fails to free memory in the delays variable if the stbi__convert_format function is called internally and it fails. This can lead to a memory leak or double-free error if an...
Information Disclosure
apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...
Remote Code Execution (RCE)
Dtale is vulnerable to Remote Code Execution. This vulnerability exists due to the lack of proper validation in the Custom Filter input, which allows an attacker to execute malicious code on the system...
Cross-site Scripting (XSS)
ethyca-fides is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of proper validation in the privacyexperience.py, which results in inadequate verification of privacy policy URLs. This flaw allows an attacker to create a malicious payload in the privacy policy URL. When...
Out Of Bounds Write
stb_vorbis is vulnerable to Out Of Bounds Write. The vulnerability is due to the manipulation of the len variable when processing ogg vorbis files with the f->vendor[len] = (char)'\0'; statement. The attacker can exploit this issue by crafting a malicious file that causes the len read in start_decoder t...
Double Free
stb is vulnerable to Double Free. The vulnerability is due to the stbi__load_gif_main_outofmem function. This allows an attacker to exploit a double-free condition by using a specially crafted image file...
Out Of Bounds Read
stb_vorbis is vulnerable to Out of bounds Read. The vulnerability is due to the processing of ogg vorbis files using the DECODE macro. This can be exploited by the attacker by crafting a file that triggers an out of bounds read when the var is negative, thus resulting in leakage of internal memory...
Denial Of Service (DoS)
libstb.so is vulnerable to Denial Of Service. The vulnerability is due to the start_decoder function's processing of a specially crafted file, leading to a memory allocation failure due to the function returning early, setting f->comment_list to NULL, but f->comment_list_length is not reset. An attacke...
Insecure Hashing Algorithm
crypto-js is vulnerable to Insecure Hashing Algorithm. The vulnerability is present because the library uses the cryptographically weak sha1 algorithm by default. This weakness allows an attacker to potentially forge data, certificates, or digital signatures, which could lead to unauthorized acce...
Remote Code Execution (RCE)
libOpenImageIO.so is vulnerable to Remote Code Execution (RCE). An attacker could exploit this vulnerability by tricking a user into opening a malicious image file. The file would contain a specially crafted image that would cause the OpenImageIO library to overflow a buffer and possibly execute...
Denial Of Service (DoS)
werkzeug is vulnerable to Denial of Service (DoS). An attacker is able to exploit this vulnerability by sending a multipart request to a vulnerable endpoint with a large number of parts. The multipart parser in Werkzeug would then allocate a large amount of memory to process the request, which coul...
HTTP/2 Stream Cancellation Attack
google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrentStreams. This enables an attacker to send malicious HTTP/2 requests, cancel them, and then send...
Information Disclosure
wagtail is vulnerable to Information Disclosure. The vulnerability allows an authenticated admin attacker to obtain the display names of user accounts by making a direct URL request to the admin view that handles bulk actions on user accounts...
Denial Of Service (DoS)
libsquid.so is vulnerable to Denial of Service (DoS). This vulnerability exists because it does not properly manage the conversion between numeric types, which allows an attacker to cause an application crash...
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to not properly checking the creator of an attached file when adding the file to a draft post. This allows an attacker to potentially expose information by adding the file to a draft post...
Cross Site Scripting (XSS)
tribalsystems/zenario is vulnerable to Cross-Site Scripting. This vulnerability exists due to a lack of sanitization in the dbhost, dbname, dbuser, adminusername and adminemail fields, allowing an attacker to inject malicious code into the browser...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to the /api/v4/users/ids endpoint which lacks a duplicate id check. This allows an attacker to send a request with multiple identical IDs which can consume excessive resources...
Remote Code Execution (RCE)
github.com/jumpserver/kokoi is vulnerable to Remote Code Execution. This vulnerability exists due to the lack of sanitized mongodb sessions, allowing an attacker to inject and execute arbitrary code in the system and gain root privileges...
Server Side Request Forgery (SSRF)
ethyca-fides is vulnerable to Server Side Request Forgery. The vulnerability arises due to the application's inability to perform validation against access of internal resources. A specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems...
SQL Injection
langchain is vulnerable to SQL Injection. The vulnerability is due to a prompt injection which allows execution of arbitrary code against the SQL service provided by the chain...
Cross-site Scripting (XSS)
Concrete5/concrete5 is vulnerable to Cross-site Scripting. This vulnerability exists due to the lack of user input sanitization, which allows an attacker to inject and execute malicious JavaScript in the browser through the Header and Footer Tracking Codes of the SEO & Statistic...
Information Disclosure
Apache Santuario - XML Security is vulnerable to Information Disclosure. The vulnerability is due to a key exposed as a part of debug log when debug level is enabled. This can lead to Information Disclosure if an attacker has access to the logs...
Denial Of Service (DoS)
encodedid-rails is vulnerable to Denial of service attack. The vulnerability is due to a lack of validation while decoding hashid. Extremely long encoded IDs consume a large amount of CPU and allocate immediate objects. A maxlength parameter is introduced to fix this vulnerability which limits t...
Cross Site Scripting
evolutioncms is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of the uid parameter. The attacker can exploit this issue by injecting malicious JavaScript into the web page via the uid parameter...
Information Disclosure
ethyca-fides is vulnerable to Information Disclosure. The vulnerability is due to roles.py, as it grants the CONFIGREAD scope to roles other than the owner, specifically the VIEWER and VIEWERANDAPPROVER roles. This allows Admin UI users with roles lower than the owner role to retrieve sensitive confi...
Denial Of Service (DoS)
libsquid.so is vulnerable to Denial of Service (DoS). This vulnerability allows a remote attacker to exploit a buffer overflow in the HTTP Digest Authentication mechanism of Squid to write up to 2 MB of arbitrary data to the heap memory of a vulnerable Squid server. This can cause a denial-of-servi...
Denial Of Service (DoS)
libsquid.so is vulnerable to Denial of Service (DoS). An attacker is able to exploit this vulnerability by sending a specially crafted Gopher request to a vulnerable Squid server. The request would cause the Squid server to allocate a large amount of memory, which would eventually exhaust the...
Denial Of Service (DoS)
parse-server is vulnerable to Denial of Service. The vulnerability is due to improper validation on the file upload mechanism. The attacker can exploit this issue by uploading a file without any extension resulting in an application crash...
Denial Of Service (DoS)
amqp-client is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library does not incorporate the maximum inbound message size into the ConnectionFactory. As a result, an attacker can potentially cause an application crash by sending excessively large messages, leading to ...
Denial Of Service (DoS)
next is vulnerable to Denial Of Service (DoS). The vulnerability exists because the base-server.ts does not include a cache-control header. Consequently, empty prefetch responses might be cached by a Content Delivery Network (CDN). This creates an opportunity for an attacker to potentially crash the...
Password Disclosure
nautobot is vulnerable to Password Disclosure. The vulnerability is due to the fact that the utils.py does not correctly inherit all the necessary Meta attributes from the base serializer. This flaw permits an authenticated attacker to access hashed user passwords stored in the database through...
Cross-site Scripting (XSS)
nagvis is vulnerable to Cross-site Scripting (XSS). An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link or visiting a malicious website. The malicious link or website would contain a specially crafted XSS payload, which would be injected into the NagVis...
Integer Overflows
zchunk is vulnerable to Integer Overflows. An attacker could exploit this vulnerability by tricking a user into opening a malicious zchunk file. The file would contain specially crafted data that would cause the zchunk library to overflow an integer, which could lead to arbitrary code execution...
Information Disclosure
@tauri-apps/cli is vulnerable to Information Disclosure. This vulnerability is due to a commonly used misconfiguration which leads to the leakage of the private key and updater key password. If envPrefix: ['VITE_', 'TAURI_'], was pasted from the documentation into vite.config.ts, the TAURI_PRIVATE_KEY...
Out-of-Bounds Write
libstb.so is vulnerable to Out-of-Bounds Writes. This vulnerability exists in the f->vendor[len] = (char)'\0' statement of stb_vorbis.c because it does not properly allocate memory, which allows an attacker to perform a heap-based buffer overflow via a crafted ogg vorbis file...
Cross-Site Request Forgery (CSRF)
modoboa is vulnerable to Cross-Site Request Forgery (CSRF). An attacker could exploit this vulnerability by sending a specially crafted email or link to a victim. The email or link would contain a malicious CSRF token that would allow the attacker to perform actions on the victim's modoboa account,...
Denial Of Service (DoS)
libpodofo.so is vulnerable to Denial of Service (DoS). This vulnerability exists because it does not properly return null pointers in the stbi__load_gif_from_memory function of stb_image.h, which allows an attacker to cause an application crash...
Open Redirect
django-grappelli is vulnerable to Open Redirect. The library attempts to prevent external redirection with startswith("/") but this does not include protocol-relative URL attacks (e.g., //example.com), which allows a remote attacker to gain confidential information via views/switch.py...